As cloud becomes more pervasive, many organizations are seeking ways to insure themselves from unexpected downturn. Traditional and new insurers are starting to offer insurance programs designed to protect companies' information, networks, and operations from cloud failure, a market likely to grow and help spur further adoption of cloud among enterprises.
Insurance companies have struggled with ways to address the business continuity and protection needs of cloud customers.
In June, Marsh unveiled an insurance offering designed specifically to protect companies -- especially small and midsized organizations -- against losses stemming from a cloud service provider's failure. This stems from greater cloud adoption, interest from businesses' finance and risk executives, and a lack of a financial safety net for companies affected by non-traditional business interruptions resulting from managed service providers’ actions, Bob Parisi, Senior Vice President and Network Security and Privacy Practice Leader for Marsh, told 21cIT.
We looked at the cybersecurity market and we saw that there were a couple of things missing. The trigger for an insurance claim under business interruption and extra expense was computer security failure or, at best, a technology failure that wasn’t due to a physical event -- software wasn’t working, technology wasn’t working. The companies generally defined it as an interruption, but it had to be "your" computer system; it had to be the insured’s computer system. Your computer system starts to mean less than it did before. If all your servers are from a cloud provider, your computer system is not really where the risk is; their computer system is where the risk is. We hadn’t seen a really robust option for insuring or transferring the risk of contingent risk interruption in the cyber world.
Marsh's CloudProtect offering can cover loss of income; costs you incur procuring services from a new provider; and costs associated when transitioning to this new provider, according to the insurance firm. As part of the service, Marsh provides risk assessment.
Of course, Marsh is not alone in eyeing this opportunity. As CloudNow executives wrote recently in Forbes:
Cloud will evolve from a one-to-one relationship between end-user and cloud provider to a one-to-many, flourishing ecosystem comprised of cloud insurers, such as CloudInsure, broker services, and other intermediaries enabling organizations to enjoy the financial and operational benefits of federated cloud formations.
CloudInsure -- a wholly owned subsidiary of CyberRiskPartners, LLC and sister company of CyberFactors, LLC -- offers insurance and reinsurance specifically designed for cloud, according to the company's Website. Said CloudInsure CEO Mike Paisan:
The insurance industry needs the cloud industry, and cloud industry needs the insurance industry -- they just don't know it yet. We see that for Cloud Companies, and Tech in general, innovation and adoption is happening at a faster rate than a single insurance company can manage on their own, we anticipate great support and partnerships from the primary insurance, with opportunities in these markets on the scale of cloud.
Some argue, however, that clients are covered under existing cybersecurity policies. Scott Godes of counsel at law firm Dickstein Shapiro L.L.P. told BusinessInsurance.com (registration required) that he's seen few, if any, policies that specifically named cloud computing. Typically, he said, liability policies and first-party policies are written to include cloud computing.
"Close attention should be paid to when the term 'computer system' or 'computer network' is defined, if those are the operative terms of what is covered," he told BusinessInsurance.com.
How does your organization handle cloud insurance: Is it part of your existing cyber policy, or have you sought additional, cloud-specific coverage?
You're right, of course, that 100% uptime is a dream and a goal, but most likely an impossibility. Insurers are investigating many aspects of cloud. As I spoke to representatives from the world of insurance, it appears they are trying to get their hands around the problems; the opportunities, and the possible solutions. As companies place more data and systems in the hands of partners, there are more risk factors, risk factors that will eventually (insurers believe) lead to lawsuits when/where there is any kind of failure, whether that is technical/natural/or manmade due to breach of contract or unforeseen circumstances. Insurers and brokers are trying to figure out all the permutations but recognize they are not technology firms.
They are not, I don't believe, looking to insure the data itself. They are not involved in DR. Instead, they are looking to insure companies financially for the time they lose. As part of their insurance policies, the insurance companies' clients will have to go through risk assessments (just like health and life insurance clients undergo a physical) to make sure they meet certain requirements.
While I am beyond companies and brands wanting to make sure that they have zero downtime, that is a wild dream. Anything can happen and I think that is what sort of makes the whole industry thrive. But as we all also know that is a curse as well. Yes, I will admit that people and companies had a great amount of luck with the cloud during Hurricane Sandy, but what would have been different if their cloud's servers were hit? They would be back at square one again. So I hate to be the bubble buster here, but it is a long shot dream for both sides sadly.
I know, from speaking to insurance executives, that the industry is realizing that they cannot dictate clients' IT infrastructures. Sure, part of the equation is security. And that's one reason so many organizations opt for inhouse or private cloud for more sensitive areas of their business. Any datacenter is subject to failure, though. Insurers must figure this out because one company will. And as soon as one insurer has a viable model, others will kick themselves that they weren't first to market with a solution to a CFO's problem, a solution BTW that will also encourage further adoption of cloud, I think.
I believe - and I am not an insurer - that these policies complement other policies. Just as you might have an umbrella policy, you may want a cloud insurance policy to cover, among other things, the cost of moving to another provider if your first provider closes its doors; the costs of lost business if your cloud provider self-combusts ... with your data, etc.
Presumably we'll see standard forms of coverage gradually emerge from the industry, but I wonder how long that will take?
I can imagine insurers robustly defending the position that "computer network" doesn't just mean any computer network anywhere which you happen to be using!
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
Before entrusting bet-your-business applications to the cloud, organizations need to ensure that service providers guarantee the apps will be available. The key to doing that is a strong Service Level Agreement (SLA).
IBM today said it will acquire SoftLayer Technologies, the largest privately held cloud computing infrastructure provider. IBM plans to leverage SoftLayer's expertise serving "born-on-the-Internet" companies to both broaden IBM's customer base and help better serve enterprise customers with cloud services.
The emergence of cloud puts IT in an awkward position familiar to seasoned pros: Business employees are bringing in new technology through the back door, without seeking permission from IT or even letting IT know it's being done.
Precor, which makes exercise equipment for gyms and homes, needed to transform itself into a cloud services provider in order to keep up with the changing demands of its customers.
Like other leading technology-using businesses, Walmart is starting to look like a vendor in its integration of the latest technologies to serve its customers. That's what led it to buy two Silicon Valley cloud startups this week.
Dave Austin, communications director for Multnomah County, discusses why he's excited to move from the county's "old and clunky" intranet and onto an open-source platform, and how this change will help him do his job.
The problem with infrastructure these days is not the cost of the network but the cost of the people managing the network. Sebastian Stadil discusses how he'd like to see companies evolve towards a more manageable infrastructure using cloud computing.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Multi-tenant clouds assure security for clients, but not necessarily for their ideas. Here's one thing you should discuss with your cloud provider before you sign on.
Big-data and analytics tools enable marketers to understand customers as individuals, identifying unmet needs and addressing each customer as a "segment of one," says John Kennedy, VP corporate marketing, IBM.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
So here we are, the last day of the 2013 US Open Golf Championship at Merion, and Phil Mickelson -- who has been a US Open runner-up five times now but never taken the trophy -- is right up there at the top of the leaderboard.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
Email This
